CVE-2021-31542 - log

CVE-2021-31542 edited at 04 May 2021 09:55:58
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Directory traversal
Description
+ A security issue has been found in Django before version 3.2.1. MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal via uploaded files with suitably crafted file names. In order to mitigate this risk, stricter basename and path sanitation is now applied. Specifically, empty file names and paths with dot segments will be rejected.
References
+ https://www.djangoproject.com/weblog/2021/may/04/security-releases/
+ https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007
Notes
CVE-2021-31542 created at 04 May 2021 09:54:28